11-Year Old Creates Game-Stealing Trojan

AVG’s latest community threat report has unearthed an interesting trend: pre-teen cybercriminals. The security firm claims that an increasing number of pint-sized programmers are writing malicious code designed to steal login details from online gamers, including one perpetrator who was just 11 years old.

“You may not believe that [a kid] could design a Trojan horse that is able to steal the account login information of your favourite online game, but we see these cases on a daily basis,” the AVG report claims.

AVG gives the example of an 11-year-old boy from Canada who stole account information from the multiplayer first-person shooter game Team Fortress. Apparently, this kind of behavior is becoming increasingly rife among pre-teen gamers.

Most ‘kiddie Trojans’ are written using .NET framework (Visual Basic, C#) due to its beginner-friendly learning curve and ease of deployment.

“You can download Microsoft Visual Studio Express edition for free and use it to start coding malware, or you can download pirated full versions of Borland Delphi for rapid (malware) application development,” the report explains.

Yuval Ben-Itzhak, AVG’s chief technology officer, said the majority of perpetrators were chiefly interested in obtaining gamer data and outsmarting friends, rather than unlawful financial gain. However, with online gaming accounts often linked to credit card details, the nature of the crime remains significant.

As the report notes, online game accounts often have hundreds of dollars of software or virtual in-game currency attached to them.

“It is also logical to assume that at least some of those responsible will be tempted to experiment with much more serious cyber-crimes,” Itzhak added.

Despite being tech-savvy, the report notes that many of the code authors unintentionally left traces in the malware’s binary files, which makes them easy to track down.

The report also flags the dramatic rise of mobile-based malware and the continued prevalence of exploit toolkits in online threats. While we certainly don’t countenance malware, it’s good to see kids learning programming skills at a young age.

I don't think Grayda goes far enough. I think that there should be a government register for anyone with access to SDKs for any language. Children should also be asked what the purpose of a semi-colon is, and if they can answer you they should be institutionalized and put to work in the data mines.

Um...Grayda was making a joke... You know, about how idiots call for the banning of anything they don't understand simply because someone somewhere did something bad with it or because of a tenuous connection between said bad thing and whatever it is they want banned.

Not really surprising when you think about it.. When I was a kid we had Mechano and Lego.. we would make whatever we wanted and engineer this stuff. When I was about 5 or 6 years old we got out first programmable computer and at that age we (my brothers and my friends) were already tinkering around with programming. Enter the development environment tools we have these days with the same inquisitive, free-thinking, lateral minds of the very young and you've got a security nightmare just waiting to happen.

"11-year-old boy from Canada who stole account information from the multiplayer first-person shooter game Team Fortress."

Team Fortress doesn't have a dedicated account, it's linked directly to the Steam account. Does that mean they were exploiting TF2 mods to steal the Steam login details or what? Author doesn't seem to be sure.